General

  • Target

    b5306de7fb2b00cefc412ea11a9accf3c45627c516971c68360a13a613368d1a

  • Size

    2.1MB

  • Sample

    240218-lkxn4sgd5w

  • MD5

    4ac80ccf44081d253c873ea59a434f47

  • SHA1

    75fa8de5222dfe48827df7a629da489224f44da8

  • SHA256

    b5306de7fb2b00cefc412ea11a9accf3c45627c516971c68360a13a613368d1a

  • SHA512

    02ba39d9f2685c064d6cca4a573e5dcdd94eac266c513147ed2a0126cbbaa13e15e5d7d0cd8645d958915b2e3803f76d3d93e0b38c39fc82e4d23a9d21d19767

  • SSDEEP

    49152:qnwvunmRZH4eYb0xBcTm7Sw+ELwjL25uq7NdcP1JeK3dRz+:qnwvumRZYeC0xBcI+ELcq7NdX

Malware Config

  • Extracted

  • Family

    sality

  • C2

    http://89.119.67.154/testo5/

    http://kukutrustnet777.info/home.gif

    http://kukutrustnet888.info/home.gif

    http://kukutrustnet987.info/home.gif

Targets

    • Target

      b5306de7fb2b00cefc412ea11a9accf3c45627c516971c68360a13a613368d1a

    • Size

      2.1MB

    • MD5

      4ac80ccf44081d253c873ea59a434f47

    • SHA1

      75fa8de5222dfe48827df7a629da489224f44da8

    • SHA256

      b5306de7fb2b00cefc412ea11a9accf3c45627c516971c68360a13a613368d1a

    • SHA512

      02ba39d9f2685c064d6cca4a573e5dcdd94eac266c513147ed2a0126cbbaa13e15e5d7d0cd8645d958915b2e3803f76d3d93e0b38c39fc82e4d23a9d21d19767

    • SSDEEP

      49152:qnwvunmRZH4eYb0xBcTm7Sw+ELwjL25uq7NdcP1JeK3dRz+:qnwvumRZYeC0xBcI+ELcq7NdX

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks